<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>AndrewSaysHello.com &#187; Featured</title>
	<atom:link href="http://www.andrewsayshello.com/category/featured/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.andrewsayshello.com</link>
	<description>Andrew&#039;s Website for Lots-o-Fun and Junk!</description>
	<lastBuildDate>Wed, 24 Aug 2011 19:20:26 +0000</lastBuildDate>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.3.1</generator>
		<item>
		<title>New Nasty Banking Trojan Keeps Getting Smarter!</title>
		<link>http://www.andrewsayshello.com/technology/new-nasty-banking-trojan-keeps-getting-smarter/</link>
		<comments>http://www.andrewsayshello.com/technology/new-nasty-banking-trojan-keeps-getting-smarter/#comments</comments>
		<pubDate>Fri, 09 Oct 2009 12:04:12 +0000</pubDate>
		<dc:creator>Andrew</dc:creator>
				<category><![CDATA[Featured]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Technology]]></category>
		<category><![CDATA[banking]]></category>
		<category><![CDATA[botnet]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[online]]></category>
		<category><![CDATA[trojan]]></category>
		<category><![CDATA[urlzone]]></category>
		<category><![CDATA[virus]]></category>
		<category><![CDATA[worm]]></category>

		<guid isPermaLink="false">http://www.andrewsayshello.com/?p=830</guid>
		<description><![CDATA[A sophisticated Trojan horse program designed to empty bank accounts has a new trick up its sleeve: It lies to investigators about where the money is going. First uncovered by Finjan Software last week, the URLzone Trojan is already known to be very advanced. It rewrites bank pages so that the victims don&#8217;t know that [...]]]></description>
			<content:encoded><![CDATA[<p>A sophisticated Trojan horse program designed to empty bank accounts has a new trick up its sleeve: It lies to investigators about where the money is going.</p>
<p>First uncovered by Finjan Software last week, the URLzone Trojan is already known to be very advanced. It rewrites bank pages so that the victims don&#8217;t know that their accounts have been emptied, and it also has a sophisticated command-and-control interface that lets the bad guys pre-set what percentage of the account balance they want to clear out.</p>
<p>But Finjan isn&#8217;t the only company looking into URLzone. RSA Security researchers say the software uses several techniques to spot machines that are run by investigators and law enforcement. Researchers typically create their own programs that are designed to mimic the behavior of real Trojans. When URLzone identifies one of these, it sends it bogus information, according to Aviv Raff, RSA&#8217;s FraudAction research lab manager.</p>
<p>Security experts have long published research into the inner workings of malicious computer programs such as URLzone, Raff said. &#8220;Now the other side knows that they are being watched and they&#8217;re acting,&#8221; he said.</p>
<p>When URLzone spots a researcher&#8217;s program, instead of simply disconnecting from the researcher&#8217;s computer, the server tells it to do a money transfer. But instead of transferring the money into one of the criminal&#8217;s money mules &#8212; people who have been recruited to move cash overseas &#8212; it chooses an innocent victim. Typically, these are people who have received legitimate money transfers from other hacked computers on the network, Raff said.</p>
<p>So far, more than 400 legitimate accounts have been used in this way, RSA said. The idea is to confuse researchers and to prevent the criminal&#8217;s real money mules from being discovered. Banking Trojans such as Zeus and Clampi have been emptying accounts for years now, but Finjan dubbed URLzone the first of a new, smarter generation of the crimeware.</p>
<p>According to Finjan, URLzone infected about 6,400 computer users last month and was clearing about €12,000 (US$17,500) per day. So it now seems that even checking your bank accounts online from time to time is not enough to make sure your money is safe. I would recommend checking it from more than one computer from time to time just in case one of your computers happens to have been infected by this new nasty trojan!</p>
]]></content:encoded>
			<wfw:commentRss>http://www.andrewsayshello.com/technology/new-nasty-banking-trojan-keeps-getting-smarter/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Microsoft Rolls Out Free AntiVirus!</title>
		<link>http://www.andrewsayshello.com/technology/microsoft-rolls-out-free-antivirus/</link>
		<comments>http://www.andrewsayshello.com/technology/microsoft-rolls-out-free-antivirus/#comments</comments>
		<pubDate>Wed, 30 Sep 2009 01:48:25 +0000</pubDate>
		<dc:creator>Andrew</dc:creator>
				<category><![CDATA[Featured]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Technology]]></category>
		<category><![CDATA[Windows]]></category>
		<category><![CDATA[antivirus]]></category>
		<category><![CDATA[botnet]]></category>
		<category><![CDATA[free]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[microsoft]]></category>
		<category><![CDATA[morro]]></category>
		<category><![CDATA[trojan]]></category>
		<category><![CDATA[virus]]></category>

		<guid isPermaLink="false">http://www.andrewsayshello.com/?p=807</guid>
		<description><![CDATA[The day dreaded by many commercial antivirus vendors is here: Microsoft today made its free antivirus software available. Microsoft Security Essentials (MSE), which Microsoft had code-named &#8220;Morro,&#8221; basically replaces Microsoft&#8217;s subscription-based OneCare product, but focuses solely on anti-malware &#8212; detecting and removing viruses, spyware, rootkits, and Trojans. It doesn&#8217;t come with security &#8220;suite&#8221; functions, like [...]]]></description>
			<content:encoded><![CDATA[<p>The day dreaded by many commercial antivirus vendors is here: Microsoft today made its free antivirus software available.</p>
<p>Microsoft Security Essentials (MSE), which Microsoft had code-named &#8220;Morro,&#8221; basically replaces Microsoft&#8217;s subscription-based OneCare product, but focuses solely on anti-malware &#8212; detecting and removing viruses, spyware, rootkits, and Trojans. It doesn&#8217;t come with security &#8220;suite&#8221; functions, like a firewall, computer maintenance tasks, or backup.</p>
<p>Interestingly, Microsoft is neither pushing the product via Windows updates nor bundling it with the operating system. &#8220;You have to proactively go to the Microsoft site to download it,&#8221; says Alex Eckelberry, CEO of Sunbelt Technologies, which sells enterprise AV, email, and other security tools for Windows. Eckelberry says Microsoft&#8217;s freebie software is ultimately &#8220;good for the consumer.&#8221;</p>
<p>What about commercial AV vendors? Eckelberry says he doesn&#8217;t expect the software to hurt them as much as AV vendors, like AVG, that also offer free anti-malware software. While it&#8217;s mainly a consumer product, he says it will also attract small mom-and-pop shops. &#8220;It won&#8217;t affect enterprise SMBs because it&#8217;s not manageable, so they won&#8217;t touch it,&#8221; he says.</p>
<p>Overall, Eckelberry says, MSE is good for consumer security.</p>
<p>Siobhan MacDermott, head of public policy, corporate communications, and investor relations for AVG Technologies, says while free AV sounds good at first glance, it could actually hurt consumers in the end.</p>
<blockquote><p>&#8220;On the surface, a free offering from the company with a dominant market share would appear to be a good thing. We believe, however, broad adoption could, in fact, put consumers at greater risk,&#8221; MacDermott says. &#8220;The strength of the security community rests in its diversity of products and the innovation delivered by companies like AVG, whose entire focus is keeping our users&#8217; personal data and computers safe. It is our core business and one in which we simply cannot fail.&#8221;</p></blockquote>
<p>Because Microsoft&#8217;s OS base is so large, a large community of MSE users will attract more attackers, according to MacDermott. &#8220;It is a law of numbers; large communities create large pools of opportunities for thieves,&#8221; she says. &#8220;If Microsoft leverages the power of its OS market to rapidly create a large community of MSE users, we believe those customers will be doubly vulnerable.&#8221;</p>
<p>Microsoft provided a peek at Security Essentials in June when it released a public beta version of the software.</p>
<p>The company says the software alerts users only when they need to take action due to a threat that&#8217;s detected, for instance, and it limits CPU and memory usage.</p>
<blockquote><p>&#8220;Consumers have told us that they want the protection of real-time security software, but we know that too many are either unwilling or unable to pay for it, and so end up unprotected,&#8221; says Amy Barzdukas, general manager for consumer security at Microsoft. &#8220;With Microsoft Security Essentials, consumers can get high-quality protection that is easy to get and easy to use &#8212; and it won&#8217;t get in their way.&#8221;</p></blockquote>
<p>MSE doesn&#8217;t require any registration or renewals, and is available for download <a href="http://www.microsoft.com/security_essentials/" target="new">here</a>. For those interested, check out the review that is already up from <a href="http://arstechnica.com/microsoft/news/2009/09/first-look-microsoft-security-essentials-impresses.ars" target="_blank">arstechnica.com</a>!</p>
]]></content:encoded>
			<wfw:commentRss>http://www.andrewsayshello.com/technology/microsoft-rolls-out-free-antivirus/feed/</wfw:commentRss>
		<slash:comments>2</slash:comments>
		</item>
		<item>
		<title>Malvertisements in NYTimes.com Lead to FAKE Antivirus!</title>
		<link>http://www.andrewsayshello.com/technology/malvertisements-in-nytimes-com-lead-to-fake-antivirus/</link>
		<comments>http://www.andrewsayshello.com/technology/malvertisements-in-nytimes-com-lead-to-fake-antivirus/#comments</comments>
		<pubDate>Fri, 18 Sep 2009 16:53:54 +0000</pubDate>
		<dc:creator>Andrew</dc:creator>
				<category><![CDATA[Featured]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Technology]]></category>
		<category><![CDATA[advertisement]]></category>
		<category><![CDATA[antivirus]]></category>
		<category><![CDATA[malvertisement]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[new]]></category>
		<category><![CDATA[nytimes]]></category>
		<category><![CDATA[personal]]></category>
		<category><![CDATA[rogue]]></category>
		<category><![CDATA[rootkit]]></category>
		<category><![CDATA[spyware]]></category>
		<category><![CDATA[times]]></category>
		<category><![CDATA[trojan]]></category>
		<category><![CDATA[virus]]></category>
		<category><![CDATA[york]]></category>

		<guid isPermaLink="false">http://www.andrewsayshello.com/?p=783</guid>
		<description><![CDATA[People who get their regular dose of news from the New York Times website were recently told to be careful when browsing that site, as malicious advertisements —also known as “malvertisements” —were found on its pages displaying pop-up windows that falsely report malware infections on visitors' systems. As reported in detail by Trend Micro researcher [...]]]></description>
			<content:encoded><![CDATA[<p>People who get their regular dose of news from the <em>New York Times</em> website were recently told to be careful when browsing that site, as <strong>malicious advertisements </strong>—also known as <strong>“malvertisements” </strong>—were found on its pages displaying pop-up windows that falsely report malware infections on visitors’ systems.</p>
<p><a href="http://www.andrewsayshello.com/wordpress/wp-content/uploads/2009/09/personalav.jpg" rel="lightbox[783]"><img class="alignright size-medium wp-image-785" title="personalav" src="http://www.andrewsayshello.com/wordpress/wp-content/uploads/2009/09/personalav-300x209.jpg" alt="personalav" width="300" height="209" /></a>As reported in detail by Trend Micro researcher Rik Ferguson in the <a href="http://countermeasures.trendmicro.eu/new-york-times-pushes-fake-av-malvertisement" target="_blank">Counter Measures blog</a>, the <em>New York Times</em> issued warnings through both <em>Twitter</em> and its website’s front page about <strong>malvertisements</strong> that trigger the display of a malicious pop-up window. The pop-up shows the typical <strong>fake antivirus </strong>warning claiming that the machine is infected, and pressures the affected user into purchasing a full version of a <strong>rogue antivirus</strong> product. Of course, the reported infections do not exist; the alarming messages are scare tactics meant to trick the user into handing over sensitive information.</p>
<p>Not only is good money wasted on purchasing useless software; sensitive information such as credit card details is also compromised and made available to cybercriminals.</p>
<p>Lately I have been personally seeing a ton of computers at work with this exact infection (Personal Antivirus). The odd thing I take from it is that it doesn&#8217;t usually bring along any other malware with it when it gets onto a system. From time to time I see this program on a system that is infected with a rootkit or other more vicious piece of malware, but for the most part, it seems to work alone and does nothing but want to get your money and credit card information.</p>
<p>So it would seem that the creators of this particular rogue security software don&#8217;t want to harm their victims&#8217; computers by placing harmful trojans on the system with it, but merely to create an annoying piece of software that will bug you until you pay it to stop&#8230; or remove it with a program such as <a href="http://www.spybotupdates.com/files/spybotsd162.exe" target="_blank">Spybot &#8211; Search and Destroy</a>. So be careful out there&#8230; because even well-trusted websites seem to be getting hit with these types of breaches that can harm your computer!</p>
]]></content:encoded>
			<wfw:commentRss>http://www.andrewsayshello.com/technology/malvertisements-in-nytimes-com-lead-to-fake-antivirus/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Where in the World do Viruses Come From?</title>
		<link>http://www.andrewsayshello.com/technology/where-in-the-world-do-viruses-come-from/</link>
		<comments>http://www.andrewsayshello.com/technology/where-in-the-world-do-viruses-come-from/#comments</comments>
		<pubDate>Tue, 08 Sep 2009 00:16:16 +0000</pubDate>
		<dc:creator>Andrew</dc:creator>
				<category><![CDATA[Featured]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Technology]]></category>
		<category><![CDATA[botnet]]></category>
		<category><![CDATA[internet]]></category>
		<category><![CDATA[phishing]]></category>
		<category><![CDATA[spam]]></category>
		<category><![CDATA[trojan]]></category>
		<category><![CDATA[virus]]></category>
		<category><![CDATA[worm]]></category>

		<guid isPermaLink="false">http://www.andrewsayshello.com/?p=765</guid>
		<description><![CDATA[The U.S. and Brazil continued their output of spam and viruses through August, although levels have dropped slightly since July, according to security vendor Network Box. An analysis of Internet threats by Network Box in August 2009 shows that virus levels, which peaked in July (when volumes increased by 300 per cent), are down again to the levels seen [...]]]></description>
			<content:encoded><![CDATA[<p>The U.S. and Brazil continued their output of spam and viruses through August, although levels have dropped slightly since July, according to security vendor Network Box.</p>
<p>An analysis of Internet threats by Network Box in August 2009 shows that virus levels, which peaked in July (when volumes increased by 300 per cent), are down again to the levels seen in June (around four viruses per customer, per hour). Spam is also down slightly, averaging around 90 spam e-mails per customer, per hour (from a peak of around 120 in May).</p>
<p><a href="http://www.andrewsayshello.com/wordpress/wp-content/uploads/2009/09/virus.jpg" rel="lightbox[765]"><img class="alignleft size-full wp-image-769" title="virus" src="http://www.andrewsayshello.com/wordpress/wp-content/uploads/2009/09/virus.jpg" alt="virus" width="180" height="119" /></a>The U.S. continues to dominate as the main source of the world&#8217;s viruses, producing 15.9 per cent of all viruses. It is followed closely by Brazil, which produces 14.5 per cent (similar levels to last month&#8217;s 14.1 per cent). Brazil continues to be the biggest source of spam, producing 11.6 per cent of all spam, followed by the US at 8.6 per cent and South Korea at 7.2 per cent.</p>
<p>South Korea remains the biggest source of intrusion attacks, at 17.3 per cent. Phishing attacks also remain high, at 33 per cent of all viruses. This is down slightly from last month&#8217;s 36.2 per cent, but still significantly higher than in June, when phishing attacks made up just five per cent of all viruses.</p>
<p>What a majority of web users today do not realize is that applying patches to their systems is the number one way to prevent infections.</p>
<p><a href="http://www.network-box.com/" target="_blank">Network Box</a> lowered its global alert condition to Level 2, saying it has been the lowest in nine months. This means there are limited virus/worm activities, with no major unexploited vulnerabilities or threats.</p>
<p>Mark Webb-Johnson, CTO of Network Box, said: &#8220;The large number of recent vulnerabilities announced by both Microsoft and Apple led to a frenzy of malware activity spearheaded by an unprecedentedly large number of website defacements. What we&#8217;re now seeing is that those who have already patched are protected and those that haven&#8217;t are already infected &#8212; so the number of new infections appears to have levelled off.&#8221;</p>
<p>Simon Heron, Internet security analyst for Network Box, added: &#8220;Businesses and individuals still need to be alert to threats through the remainder of the summer, particularly phishing attacks. We&#8217;ve seen a huge increase in SQL injection attacks so it&#8217;s important that anyone using Web-based applications or servers keeps their security up-to-date.&#8221;</p>
<p>While the threat landscape currently remains stable, Network Box said it will continue to closely monitor and re-evaluate the situation as necessary, especially with Microsoft&#8217;s Patch Tuesday coming next week. Let this be another reminder that keeping your system up-to-date is one of the best things you can do, along with using antivirus software, to keep you and your system safe.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.andrewsayshello.com/technology/where-in-the-world-do-viruses-come-from/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Twitter Used As Botnet Command Center!</title>
		<link>http://www.andrewsayshello.com/technology/twitter-used-as-botnet-command-center/</link>
		<comments>http://www.andrewsayshello.com/technology/twitter-used-as-botnet-command-center/#comments</comments>
		<pubDate>Mon, 17 Aug 2009 13:56:29 +0000</pubDate>
		<dc:creator>Andrew</dc:creator>
				<category><![CDATA[Featured]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Technology]]></category>
		<category><![CDATA[botnet]]></category>
		<category><![CDATA[ddos]]></category>
		<category><![CDATA[google]]></category>
		<category><![CDATA[jaiku]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[trojan]]></category>
		<category><![CDATA[twitter]]></category>
		<category><![CDATA[virus]]></category>
		<category><![CDATA[worm]]></category>

		<guid isPermaLink="false">http://www.andrewsayshello.com/?p=741</guid>
		<description><![CDATA[Twitter has been spammed, DDoS&#8217;ed, and knocked offline, and now it has been used as the command center for a botnet. A researcher who, last week, was looking for clues about the massive distributed denial-of-service (DDoS) attack on Twitter found a Twitter profile that was being used to send updates and malware to bots in an [...]]]></description>
			<content:encoded><![CDATA[<p>Twitter has been spammed, DDoS&#8217;ed, and knocked offline, and now it has been used as the command center for a botnet. A researcher who, last week, was looking for clues about the massive distributed denial-of-service (DDoS) attack on Twitter found a Twitter profile that was being used to send updates and malware to bots in an unrelated case of abuse of the site. &#8220;This is the first time I&#8217;ve seen in the wild botnet commands being pushed on Twitter &#8212; it won&#8217;t be the last,&#8221; says Jose Nazario, manager of security research for Arbor, who first spotted the botnet&#8217;s tweets. Nazario says there are probably other bot herders doing the same on Twitter.</p>
<p>&#8220;It looks like this guy is updating existing bots. I&#8217;ve seen and blogged malicious Twitter accounts in the past that spam links, using lures like &#8216;follow this band!&#8217; that link to malcode,&#8221; he says. But this is the first time Twitter has been used to send commands to bots, he says.</p>
<p><a href="http://www.andrewsayshello.com/wordpress/wp-content/uploads/2009/08/twitter-botnet.jpg" rel="lightbox[741]"><img class="aligncenter size-medium wp-image-743" title="twitter-botnet" src="http://www.andrewsayshello.com/wordpress/wp-content/uploads/2009/08/twitter-botnet-300x284.jpg" alt="twitter-botnet" width="300" height="284" /></a></p>
<p>Nazario says Twitter has since disabled the profile, but he says the same user, &#8220;upda4t3,&#8221; also has an account on Google&#8217;s Jaiku, the search engine giant&#8217;s microblogging service akin to Twitter. Joe Stewart, director of malware research for SecureWorks, in his Twitter update today said he had found &#8220;a newer version of the Twitter Bancos botnet &#8212; this one uses another microblogging service as a backup C&amp;C [command and control].&#8221;</p>
<p>Botnet operators are always looking for ways to more stealthily communicate and update their victimized machines &#8212; some use peer-to-peer communications and HTTP to cover their tracks. Twitter is an ideal venue for them because it&#8217;s flexible, noisy with all of its communiques, and doesn&#8217;t have the anti-spam controls of other sites, Nazario says. And the anonymity of the URL shorteners also helps them send malicious links under cover, he says.</p>
<p>&#8220;They continue to innovate, and Twitter is likely to be yet another new channel to get updates out,&#8221; he says.</p>
<p>So far, the botnet seems to be all about stealing online banking information from bank customers in Brazil: Nazario found a couple hundred bots based in Brazil, but he says it&#8217;s difficult to get a real count. &#8220;To get that estimate, I went by who checked the update links on bit.ly [that] the bot was pushing via the Twitter updates,&#8221; Nazario says. &#8220;The malware came from somewhere else &#8212; we don&#8217;t know yet where. The Twitter status updates contain links to new downloads, more malware, and stuff to update and evade AV detection.&#8221;</p>
<p>Symantec researchers, meanwhile, are also <a href="http://www.symantec.com/connect/blogs/twittering-botnets" target="_blank">dissecting the malware</a> associated with the Twitter botnet. The Twitter status posts on the upda4t3 account were sending out new download links to malware that Symantec calls Downloader.Sninfs. The downloader reads a specific Twitter RSS feed once, according to Symantec. &#8220;The RSS feed is simply a text file similar to other RSS feeds found on other Internet sites. The RSS text file contains information as to where Downloader.Sninfs can find additional threats to download onto the compromised system. In this way the RSS file acts like a config file for the malware,&#8221; Symantec researcher Peter Coogan blogged. The malware downloaded by the Trojan is an existing Bancos password-stealing Trojan, according to Symantec, that poses as the interface at some Brazilian banks in order to steal passwords and other data off the victim&#8217;s computer.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.andrewsayshello.com/technology/twitter-used-as-botnet-command-center/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Mac OS X DNS-Changing Trojan in the Wild!</title>
		<link>http://www.andrewsayshello.com/technology/mac-os-x-dns-changing-trojan-in-the-wild/</link>
		<comments>http://www.andrewsayshello.com/technology/mac-os-x-dns-changing-trojan-in-the-wild/#comments</comments>
		<pubDate>Wed, 12 Aug 2009 04:56:25 +0000</pubDate>
		<dc:creator>Andrew</dc:creator>
				<category><![CDATA[Featured]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Technology]]></category>
		<category><![CDATA[Apple]]></category>
		<category><![CDATA[dns]]></category>
		<category><![CDATA[mac]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[spyware]]></category>
		<category><![CDATA[trojan]]></category>
		<category><![CDATA[virus]]></category>
		<category><![CDATA[worm]]></category>

		<guid isPermaLink="false">http://www.andrewsayshello.com/?p=728</guid>
		<description><![CDATA[A Domain Naming System (DNS)-changing Trojan targeting Macs is currently making the rounds disguised as MacCinema Installer (detected by Trend Micro as OSX_JAHLAV.D). This is the latest variant of OSX_JAHLAV.C, which was identified in June. The Trojan is supposedly a QuickTime Player update with the file name QuickTimeUpdate.dmg. As with its earlier variants, users are prompted to download the malware when [...]]]></description>
			<content:encoded><![CDATA[<p>A Domain Naming System (DNS)-changing Trojan targeting Macs is currently making the rounds disguised as <strong>MacCinema Installer </strong>(detected by Trend Micro as <a href="http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=OSX%5FJAHLAV%2ED&amp;VSect=P"><strong>OSX_JAHLAV.D</strong></a>). This is the latest variant of <a href="http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=OSX%5FRSPLUG%2EC"><strong>OSX_JAHLAV.C</strong></a>, which was identified in June.</p>
<p>The Trojan is supposedly a <em>QuickTime Player </em>update with the file name <em>QuickTimeUpdate.dmg</em>. As with its <a href="http://blog.trendmicro.com/not-one-but-two-new-os-x-malware">earlier variants</a>, users are prompted to download the malware when trying to view certain online videos from <em>.com </em>domains hosted at the IP address <em>91.214.45.73</em>, such as:</p>
<ul>
<li>allincorx<img class="alignright size-full wp-image-730" title="OSX" src="http://www.andrewsayshello.com/wordpress/wp-content/uploads/2009/08/OSX.gif" alt="OSX" width="400" height="304" /></li>
<li>bigdron</li>
<li>cikaredo</li>
<li>civilizxx</li>
<li>comeandtryx</li>
<li>deribrowns</li>
<li>draxxtermania</li>
<li>givendream</li>
<li>hitrowzone</li>
<li>jumborad</li>
<li>ltdkeeper</li>
<li>operationelx</li>
<li>oxxadox</li>
<li>paxxtiger</li>
<li>rednetx</li>
<li>rstdeals</li>
<li>simplexdoom</li>
<li>sinisteer</li>
<li>tdenuwas</li>
<li>tniredrum</li>
<li>ufapeace</li>
</ul>
<p>If infected, a victim’s Web traffic can then be diverted to the website of the attacker’s choosing.</p>
<p>The Trojan contains component files detected as <strong><a href="http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=UNIX_JAHLAV.D">UNIX_JAHLAV.D</a> </strong>and obfuscated scripts detected as <a href="http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PERL_JAHLAV.F"><strong>PERL_JAHLAV.F</strong></a>. The Perl script then downloads a file from a malicious site and stores it as <em>/tmp/{random 3 numbers}</em>, detected as <a href="http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=UNIX_DNSCHAN.AA"><strong>UNIX_DNSCHAN.AA</strong></a>, which allows a malicious user to monitor the affected user’s activities. This may also cause the user to be redirected to phishing sites or to sites from which other malware may be downloaded.</p>
<p>Trend Micro Advanced Threats Researcher <strong>Feike Hacquebord </strong>notes the domain names have been set up such that when the main IP goes or is taken down, cybercriminals can easily move the backend to another IP address without the need to change code or scripts.</p>
<p>It would serve Mac users well to stay away from the above-mentioned domains and IP addresses or be wary of prompts to download software updates that do not come from Apple’s legitimate website. This is just another small example that proves that even Mac users aren&#8217;t</p>
]]></content:encoded>
			<wfw:commentRss>http://www.andrewsayshello.com/technology/mac-os-x-dns-changing-trojan-in-the-wild/feed/</wfw:commentRss>
		<slash:comments>1</slash:comments>
		</item>
		<item>
		<title>Nine Moments You Were Proud To Be A Gamer!</title>
		<link>http://www.andrewsayshello.com/gaming/nine-moments-you-were-proud-to-be-a-gamer/</link>
		<comments>http://www.andrewsayshello.com/gaming/nine-moments-you-were-proud-to-be-a-gamer/#comments</comments>
		<pubDate>Tue, 14 Jul 2009 13:42:31 +0000</pubDate>
		<dc:creator>Andrew</dc:creator>
				<category><![CDATA[Console]]></category>
		<category><![CDATA[Featured]]></category>
		<category><![CDATA[Gaming]]></category>
		<category><![CDATA[PC]]></category>
		<category><![CDATA[gamer]]></category>
		<category><![CDATA[moments]]></category>
		<category><![CDATA[nine]]></category>
		<category><![CDATA[proud]]></category>

		<guid isPermaLink="false">http://www.andrewsayshello.com/?p=684</guid>
		<description><![CDATA[Is a gamer not entitled to his accolades? Are his mantles not strong enough to hoist bronze statuettes and framed placards? Is he never to rise from the solace of his throne of bean-baggery, clenched fists caressing the sunrise as a green-screened mountain range draped with opaque patriotic banderole sails behind him? No, say the [...]]]></description>
			<content:encoded><![CDATA[<p>Is a gamer not entitled to his accolades? Are his mantles not strong enough to hoist bronze statuettes and framed placards? Is he never to rise from the solace of his throne of bean-baggery, clenched fists caressing the sunrise as a green-screened mountain range draped with opaque patriotic banderole sails behind him?</p>
<p>No, say the parents of the would-be misanthrope, as they watch their progeny sink further into a headset.</p>
<p>No, says his social circle, shaking their heads and wondering why he&#8217;d enjoy such endeavors as they pile into a Passat en route to giving Michael Bay $15 each.</p>
<p>No, says the FOX News anchor, as he spouts rabid talking points blaming videogames for the decline of modern everything.</p>
<p>But he deserves better. <em>We</em> deserve glory.</p>
<p>Being a gamer is no easy task. It seems you will always catch some flak from one person or another, probably just because they don&#8217;t understand. Almost all of us gamers have been in a situation where we did something in our favorite game that we didn&#8217;t think was possible, or just got darn lucky. Whether it was beating the final level on the hardest difficulty or finding that secret room everyone said didn&#8217;t exist, we have all had moments we like to brag about.</p>
<p>Those of us that are gamers understand where our fellow gamers are coming from, but those who choose to miss out on the excitement of gaming will sadly never get to be a part of these great moments. So below is a list of nine moments that we gamers were proud to be gamers!</p>
<ol>
<li>Finally Getting Past a Tough Boss</li>
<li>Reaching 100% Completion for the First Time</li>
<li>Beating a Game Without Cheating or Using Codes</li>
<li>Beating a Next-to-Impossible Game for the First Time</li>
<li>Getting a Higher Score Than Your Sibling</li>
<li>Being the First to Camp Out for Midnight Launch</li>
<li>Discovering a Cheat or Easter Egg Before Anyone Else</li>
<li>Beating a Smack Talker</li>
<li>Knowing More Than the Clerk at GameStop</li>
</ol>
<p>So there you have it&#8230; nine moments that without a doubt would make just about any gamer proud! I am not going to go into detail with each of these nine moments because they are all pretty self-explanatory. If you don&#8217;t seem to understand some of these moments listed&#8230; well then I am sorry to say that it looks like you are not a gamer and you just probably wouldn&#8217;t be able to understand.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.andrewsayshello.com/gaming/nine-moments-you-were-proud-to-be-a-gamer/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Three Months Later: Where’s DOWNAD?</title>
		<link>http://www.andrewsayshello.com/technology/three-months-later-where%e2%80%99s-downad/</link>
		<comments>http://www.andrewsayshello.com/technology/three-months-later-where%e2%80%99s-downad/#comments</comments>
		<pubDate>Thu, 09 Jul 2009 11:04:07 +0000</pubDate>
		<dc:creator>Andrew</dc:creator>
				<category><![CDATA[Featured]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Technology]]></category>
		<category><![CDATA[Windows]]></category>
		<category><![CDATA[botnet]]></category>
		<category><![CDATA[conficker]]></category>
		<category><![CDATA[downad]]></category>
		<category><![CDATA[downadup]]></category>
		<category><![CDATA[rootkit]]></category>
		<category><![CDATA[trojan]]></category>
		<category><![CDATA[virus]]></category>
		<category><![CDATA[worm]]></category>

		<guid isPermaLink="false">http://www.andrewsayshello.com/?p=673</guid>
		<description><![CDATA[A little over three months ago, the whole IT sector was waiting with bated breath for April 1. The latest DOWNAD/Conficker variant–WORM_DOWNAD.KK–was poised to strike. We know that on that day, it would attempt to access 500 of 50,000 websites and download new malicious files. This led to fears–somewhat misplaced–that new, possibly damaging payloads could cause [...]]]></description>
			<content:encoded><![CDATA[<p>A little over three months ago, the whole IT sector was waiting with bated breath for April 1. The latest <strong>DOWNAD/Conficker </strong>variant–<a style="text-decoration: none; color: #858585;" href="http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DOWNAD.KK">WORM_DOWNAD.KK</a>–was poised to strike. We know that on that day, it would attempt to access 500 of 50,000 websites and download new malicious files. This led to fears–somewhat misplaced–that new, possibly damaging payloads could cause severe problems, not just for systems already affected by DOWNAD but the Internet as a whole. Many sectors assumed the worst.</p>
<p>April 1 came and went, and… nothing happened. Several days later, another variant appeared, but since the Internet had not ended (as some of the worst reporting would have led readers to believe), most people concluded that <strong>DOWNAD</strong>, as a major threat, was gone.</p>
<p>While it may no longer be as much in the news as it was at its height, <strong>DOWNAD </strong>didn’t suddenly go away. Recent estimates from the <a style="text-decoration: none; color: #858585;" href="http://www.confickerworkinggroup.org/wiki/pmwiki.php/ANY/InfectionTracking">Conficker Working Group</a> place the number of unique IP addresses affected by the top 3 DOWNAD variants at well over 5 million. Even allowing for the group’s disclaimer that the number of actually infected systems is only 25-75% of that figure, a minimum of 1.25 million infected systems is nothing to laugh at.</p>
<p>The Trend Micro World Virus Tracking Center (WTC) numbers bear this out as well. Almost 790,000 systems were found to be infected with DOWNAD variants in the first three months of the year. In the three succeeding months, that number was almost 1.9 million. Clearly, DOWNAD did not decide to quietly go away.</p>
<p>In addition, out of the public eye, DOWNAD did something with all those infected systems: it formed its own botnet. This was documented <a style="color: #858585; text-decoration: none;" href="http://blog.trendmicro.com/the-downadconficker-jigsaw-puzzle">in mid-April</a> by Advanced Threat Researchers Paul Ferguson and Ivan Macalintal. The short version is simpler: DOWNAD was used to create a botnet, and botnets can be used for the usual range of threats: spam, Denial of Service attacks, spreading FAKEAV malware, and so on.</p>
<p>Like it or not, malware threats are part of what users have to deal with day in, day out. Like anything people deal with regularly, people become used to malware threats. What was once noteworthy and unusual becomes dull and ordinary. However, this does <em>not</em> make the threat any less dangerous. If anything, it can be argued that it makes the threat more dangerous, as users are more likely to be caught unaware by a threat they are no longer looking out for.</p>
<p>In a very real way, threats like <strong>DOWNAD </strong>become part of the background noise that is a part of life on the Internet. While it may be unrealistic to expect individual users to keep <em>all </em>threats in mind, good computing practices will help immensely. The most important one may be: keep your software up to date. This is particularly true for your operating system–<em>a properly patched system would have been proof against most DOWNAD variants</em>. Trend Micro users would have been protected via the Smart Protection Network, of course, but closing the underlying vulnerability would still have been essential.</p>
<p>The price of using your computer freely in today’s Internet may well be constant and unceasing vigilance.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.andrewsayshello.com/technology/three-months-later-where%e2%80%99s-downad/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Control your Windows PC with Email or SMS Remotely Using Twitter!</title>
		<link>http://www.andrewsayshello.com/technology/control-your-windows-pc-with-email-or-sms-remotely-using-twitter/</link>
		<comments>http://www.andrewsayshello.com/technology/control-your-windows-pc-with-email-or-sms-remotely-using-twitter/#comments</comments>
		<pubDate>Mon, 06 Jul 2009 11:41:45 +0000</pubDate>
		<dc:creator>Andrew</dc:creator>
				<category><![CDATA[Featured]]></category>
		<category><![CDATA[Technology]]></category>
		<category><![CDATA[Windows]]></category>
		<category><![CDATA[control]]></category>
		<category><![CDATA[email]]></category>
		<category><![CDATA[PC]]></category>
		<category><![CDATA[remote]]></category>
		<category><![CDATA[sms]]></category>
		<category><![CDATA[twitter]]></category>

		<guid isPermaLink="false">http://www.andrewsayshello.com/?p=658</guid>
		<description><![CDATA[It’s a long weekend and you’re happy because you’ll get to spend the next three days with your family. You left the office in an excited mood but as the cab was approaching home, you suddenly realized that you forgot to shut down the Office PC. Oops! It’s a sinking feeling because there’re so many [...]]]></description>
			<content:encoded><![CDATA[<p style="outline-width: 0px; outline-style: initial; outline-color: initial; font-weight: inherit; font-style: inherit; font-size: 13px; margin-top: 0px; margin-right: 0px; margin-bottom: 14px; margin-left: 0px; line-height: 18px; padding: 0px;">It’s a long weekend and you’re happy because you’ll get to spend the next three days with your family. You left the office in an excited mood but as the cab was approaching home, you suddenly realized that you forgot to shut down the Office PC. Oops!</p>
<p style="outline-width: 0px; outline-style: initial; outline-color: initial; font-weight: inherit; font-style: inherit; font-size: 13px; margin-top: 0px; margin-right: 0px; margin-bottom: 14px; margin-left: 0px; line-height: 18px; padding: 0px;">It’s a sinking feeling because there’re so many confidential documents on the computer and since most of your trusted colleagues have also left for the day, there’s no point calling them for help.</p>
<p style="outline-width: 0px; outline-style: initial; outline-color: initial; font-weight: inherit; font-style: inherit; font-size: 13px; margin-top: 0px; margin-right: 0px; margin-bottom: 14px; margin-left: 0px; line-height: 18px; padding: 0px;">So what do you do? Drive back to Office? Well that’s not required &#8211; just take out your cell phone or switch on the laptop at home, send an email (or an SMS or a tweet) and that will instantly lock your Office workstation. And if you share the same computer with multiple people, you can use another email command to remotely log off or even shut down the computer from anywhere in the world.</p>
<p style="outline-width: 0px; outline-style: initial; outline-color: initial; font-weight: inherit; font-style: inherit; font-size: 13px; font-family: inherit; margin-top: 0px; margin-right: 0px; margin-bottom: 14px; margin-left: 0px; line-height: 18px; padding: 0px; border: 0px initial initial;"><img style="outline-width: 0px; outline-style: initial; outline-color: initial; font-weight: inherit; font-style: inherit; font-size: 13px; font-family: inherit; margin-top: 0px; margin-right: 0px; margin-bottom: 10px; margin-left: 10px; padding: 0px; border: 0px initial initial;" title="twitter commands" src="http://img.labnol.org/di/2009/07/tmpc.jpg" border="0" alt="twitter commands" width="288" height="406" align="right" />There’s no magic here, it’s the power of <a style="outline-width: 0px; outline-style: initial; outline-color: initial; font-weight: inherit; font-style: inherit; font-size: 13px; text-decoration: none; padding: 0px; margin: 0px;" href="http://tweetmypc.codeplex.com/">TweetMyPC</a> utility that lets you remote control your computer from a mobile phone or any other Internet connected computer.</p>
<p style="outline-width: 0px; outline-style: initial; outline-color: initial; font-weight: inherit; font-style: inherit; font-size: 13px; font-family: inherit; margin-top: 0px; margin-right: 0px; margin-bottom: 14px; margin-left: 0px; line-height: 18px; padding: 0px; border: 0px initial initial;">It works like this. You first install the free TweetMyPC utility on any Windows PC and associate your Twitter account. The app will silently monitor your Twitter stream every minute for any desktop commands and if it finds one, will act upon it immediately. The initial version of TweetMyPC was limited to basic shutdown and restart commands, however the current v2 has a far more robust set of commands, enabling a far more useful way of getting your PC to carry out certain tasks especially when you’re <a style="outline-width: 0px; outline-style: initial; outline-color: initial; font-weight: inherit; font-style: inherit; font-size: 13px; text-decoration: none; padding: 0px; margin: 0px;" title="The Most Popular Twitter Acronyms" href="http://www.labnol.org/internet/popular-twitter-acronyms/6819/">AFK</a> (Away From Keyboard).</p>
<p style="outline-width: 0px; outline-style: initial; outline-color: initial; font-weight: inherit; font-style: inherit; font-size: 13px; margin-top: 0px; margin-right: 0px; margin-bottom: 14px; margin-left: 0px; line-height: 18px; padding: 0px;">Before we get started, it may be a good thing if you can set up a new twitter account for remote controlling your desktop and also protect the status updates of this account to ensure better security. Protecting the account means that you prevent other users from reading your tweets which in this case are email commands that you sending to the computer. To protect your Twitter profile, log in to Twitter with the credentials you want to use, click Settings and check the box next to &#8220;Protect my Updates&#8221;.</p>
<p style="outline-width: 0px; outline-style: initial; outline-color: initial; font-weight: inherit; font-style: inherit; font-size: 13px; margin-top: 0px; margin-right: 0px; margin-bottom: 14px; margin-left: 0px; line-height: 18px; padding: 0px;">Let’s get started. Install the TweetMyPC utility of your computer and associate your Twitter and Gmail account with the application. It will use Twitter to receive remote commands (like shutdown, log-off, lock workstation, etc) from while the email account will be used for send your information (e.g., what process are currently running on your computer).</p>
<p style="outline-width: 0px; outline-style: initial; outline-color: initial; font-weight: inherit; font-style: inherit; font-size: 13px; margin-top: 0px; margin-right: 0px; margin-bottom: 14px; margin-left: 0px; line-height: 18px; padding: 0px;">Now that your basic configuration is done, it’s time to set up a posting method. You can use email, SMS, IM, web or any of the Twitter clients to send commands to the remote computer.</p>
<p style="outline-width: 0px; outline-style: initial; outline-color: initial; font-weight: inherit; font-style: inherit; font-size: 13px; font-family: inherit; margin-top: 0px; margin-right: 0px; margin-bottom: 14px; margin-left: 0px; line-height: 18px; padding: 0px; border: 0px initial initial;"><strong>By Email</strong>: Associate you Twitter account with <a style="outline-width: 0px; outline-style: initial; outline-color: initial; font-weight: inherit; font-style: inherit; font-size: 13px; text-decoration: none; padding: 0px; margin: 0px;" href="http://www.posterous.com/autopost">Posterous</a> (auto-post) and all email messages sent to <span class="mh-email">twit<a href='http://www.google.com/recaptcha/mailhide/d?k=01HKk3OzYb2yceGSZOahQucQ==&amp;c=QjEcrwWP4ns-ltPzhWAUJ56iauq-ady42qQ7tVCjXiw=' onclick="window.open('http://www.google.com/recaptcha/mailhide/d?k=01HKk3OzYb2yceGSZOahQucQ==&amp;c=QjEcrwWP4ns-ltPzhWAUJ56iauq-ady42qQ7tVCjXiw=', '', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=500,height=300'); return false;" title="Reveal this e-mail address">...</a>@posterous.com</span> will therefore become commands for the remote computer.</p>
<p style="outline-width: 0px; outline-style: initial; outline-color: initial; font-weight: inherit; font-style: inherit; font-size: 13px; font-family: inherit; margin-top: 0px; margin-right: 0px; margin-bottom: 14px; margin-left: 0px; line-height: 18px; padding: 0px; border: 0px initial initial;"><strong>By SMS</strong>: If you live in US, UK, Canada, India, Germany, Sweden or New Zeleand, you can send associate Twitter with your mobile phone (see <a style="outline-width: 0px; outline-style: initial; outline-color: initial; font-weight: inherit; font-style: inherit; font-size: 13px; text-decoration: none; padding: 0px; margin: 0px;" href="http://help.twitter.com/forums/10711/entries/14226">list of numbers</a>) and then control your remote computer via SMS Text Messages.</p>
<p style="outline-width: 0px; outline-style: initial; outline-color: initial; font-weight: inherit; font-style: inherit; font-size: 13px; font-family: inherit; margin-top: 0px; margin-right: 0px; margin-bottom: 14px; margin-left: 0px; line-height: 18px; padding: 0px; border: 0px initial initial;"><strong>By IM</strong>: Add the Twitter bot &#8211; <span class="mh-email">twit<a href='http://www.google.com/recaptcha/mailhide/d?k=01HKk3OzYb2yceGSZOahQucQ==&amp;c=E_aYw1tt1S9kzPu60X0yKPTcailSeuJxjrl83_o1zrA=' onclick="window.open('http://www.google.com/recaptcha/mailhide/d?k=01HKk3OzYb2yceGSZOahQucQ==&amp;c=E_aYw1tt1S9kzPu60X0yKPTcailSeuJxjrl83_o1zrA=', '', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=500,height=300'); return false;" title="Reveal this e-mail address">...</a>@twitter.com</span> &#8211; to your list of Google Talk buddies and you can then send commands via instant message.</p>
<p style="outline-width: 0px; outline-style: initial; outline-color: initial; font-weight: inherit; font-style: inherit; font-size: 13px; font-family: inherit; margin-top: 0px; margin-right: 0px; margin-bottom: 14px; margin-left: 0px; line-height: 18px; padding: 0px; border: 0px initial initial;"><strong>By Web</strong>: If you are on vacation but have access to an internet connected laptop, just log into the Twitter website and issue commands (e.g., shutdown or logoff) just as another tweet.</p>
<p>Now we will look at how to download files, capture remote screenshots &amp; more&#8230; <span style="line-height: 18px;">While TweetMyPC is pretty good for shutting down a remote computer, it lets you do some more awesome stuff as well. For instance, you may need to download an unfinished presentation from the office computer so that you can work on it at home. Or you may want to download a trial copy of Windows 7 on the office computer while you are at home. Here’s a partial list of commands that you can use to remote control the PC &#8211; they’re case-insensitive and, as discussed above, you can send them to Twitter via email, SMS, IM or the web.</span></p>
<p style="outline-width: 0px; outline-style: initial; outline-color: initial; font-weight: inherit; font-style: inherit; font-size: 13px; font-family: inherit; margin-top: 0px; margin-right: 0px; margin-bottom: 14px; margin-left: 0px; line-height: 18px; padding: 0px; border: 0px initial initial;"><strong>Screenshot </strong>: This is one of the most useful command I’ve come across after the shutdown command. Want to know what’s happening within the confines of your PC when you’re not around? Just tweet screenshot and TweetMyPC will take a screenshot of your desktop and post it to the web (see <a style="outline-width: 0px; outline-style: initial; outline-color: initial; font-weight: inherit; font-style: inherit; font-size: 13px; text-decoration: none; padding: 0px; margin: 0px;" href="http://search.twitter.com/search?q=%22TweetMyPC+-%3E+Screenshot%22">example</a>).</p>
<p style="outline-width: 0px; outline-style: initial; outline-color: initial; font-weight: inherit; font-style: inherit; font-size: 13px; font-family: inherit; margin-top: 0px; margin-right: 0px; margin-bottom: 14px; margin-left: 0px; line-height: 18px; padding: 0px; border: 0px initial initial;"><strong>ShutDown, LogOff, Reboot, Lock</strong> : The function of these useful commands is pretty obvious from their names.</p>
<p style="outline-width: 0px; outline-style: initial; outline-color: initial; font-weight: inherit; font-style: inherit; font-size: 13px; font-family: inherit; margin-top: 0px; margin-right: 0px; margin-bottom: 14px; margin-left: 0px; line-height: 18px; padding: 0px; border: 0px initial initial;"><strong>Standby, Hibernate </strong>: Don’t want to shutdown the remote PC? Save power by entering standby mode with this command. Or hibernate your PC with a tweet, thereby saving even more power.</p>
<p style="outline-width: 0px; outline-style: initial; outline-color: initial; font-weight: inherit; font-style: inherit; font-size: 13px; margin-top: 0px; margin-right: 0px; margin-bottom: 14px; margin-left: 0px; line-height: 18px; padding: 0px;"><img style="outline-width: 0px; outline-style: initial; outline-color: initial; font-weight: inherit; font-style: inherit; font-size: 13px; font-family: inherit; display: inline; padding: 0px; margin: 0px; border: 0px initial initial;" title="download files via twitter" src="http://img.labnol.org/di/downloadtwitter.png" border="0" alt="download files via twitter" width="524" height="249" /></p>
<p style="outline-width: 0px; outline-style: initial; outline-color: initial; font-weight: inherit; font-style: inherit; font-size: 13px; font-family: inherit; margin-top: 0px; margin-right: 0px; margin-bottom: 14px; margin-left: 0px; line-height: 18px; padding: 0px; border: 0px initial initial;"><strong>Download &lt;url&gt; </strong>: You can download any file from the Internet on to the remote computer using the download command. For instance, a command like <em>download </em><em>http://bit.ly/tCJ9Y</em><em> </em>will download the CIA Handbook so you have the document ready when you resume work the next day.</p>
<p style="outline-width: 0px; outline-style: initial; outline-color: initial; font-weight: inherit; font-style: inherit; font-size: 13px; font-family: inherit; margin-top: 0px; margin-right: 0px; margin-bottom: 14px; margin-left: 0px; line-height: 18px; padding: 0px; border: 0px initial initial;"><strong>GetFile &lt;filepath&gt;</strong> : The Download command was for downloading files from the Internet onto the remote computer. However, if you like to transfer a file from the remote computer to your current computer, use the GetFile command. It takes the full page of the file that you want to download and will send that you as an email attachment. If you don’t know the file page, use the command GetFileList &lt;drivename&gt; to get a list of file folders on that drive.</p>
<p style="outline-width: 0px; outline-style: initial; outline-color: initial; font-weight: inherit; font-style: inherit; font-size: 13px; font-family: inherit; margin-top: 0px; margin-right: 0px; margin-bottom: 14px; margin-left: 0px; line-height: 18px; padding: 0px; border: 0px initial initial;"><strong>GetProcessList </strong>: This is like a remote task manager. You’ll get a list of programs that are currently running on the remote computer along with their process IDs. Send another command <strong>kill &lt;process id&gt; </strong>to terminate any program that you think is suspicious or not required.</p>
<p style="outline-width: 0px; outline-style: initial; outline-color: initial; font-weight: inherit; font-style: inherit; font-size: 13px; font-family: inherit; margin-top: 0px; margin-right: 0px; margin-bottom: 14px; margin-left: 0px; line-height: 18px;  padding: 0px; border: 0px initial initial;"><strong>Conclusion:</strong></p>
<p style="outline-width: 0px; outline-style: initial; outline-color: initial; font-weight: inherit; font-style: inherit; font-size: 13px; font-family: inherit; margin-top: 0px; margin-right: 0px; margin-bottom: 14px; margin-left: 0px; line-height: 18px; padding: 0px; border: 0px initial initial;">TweetMyPC is a must-have utility and <strong>you never know when you may need it</strong>. And if you have been trying to stay away from Twitter all this time, the app gives you a big reason to at least create one protected account on Twitter.</p>
<p style="outline-width: 0px; outline-style: initial; outline-color: initial; font-weight: inherit; font-style: inherit; font-size: 13px; margin-top: 0px; margin-right: 0px; margin-bottom: 14px; margin-left: 0px; line-height: 18px; padding: 0px;">That said, there’s scope for improvement. For instance, the app will wait for a minute to check for new messages in your Twitter stream so it’s not &#8220;instant&#8221;. The developers can actually increase that limit because the Twitter API now allows upto 100 checks per hour. And since the app is dependent on Twitter and Gmail, it will not work during those rare fail-whale moments.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.andrewsayshello.com/technology/control-your-windows-pc-with-email-or-sms-remotely-using-twitter/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>DOOM is Back as a 2D Jump-n-Run Flash Game!</title>
		<link>http://www.andrewsayshello.com/gaming/doom-is-back-as-a-2d-jump-n-run-flash-game/</link>
		<comments>http://www.andrewsayshello.com/gaming/doom-is-back-as-a-2d-jump-n-run-flash-game/#comments</comments>
		<pubDate>Sat, 04 Jul 2009 16:16:27 +0000</pubDate>
		<dc:creator>Andrew</dc:creator>
				<category><![CDATA[Featured]]></category>
		<category><![CDATA[Gaming]]></category>
		<category><![CDATA[PC]]></category>
		<category><![CDATA[2d]]></category>
		<category><![CDATA[doom]]></category>
		<category><![CDATA[flash]]></category>
		<category><![CDATA[free]]></category>
		<category><![CDATA[game]]></category>

		<guid isPermaLink="false">http://www.andrewsayshello.com/?p=643</guid>
		<description><![CDATA[So this morning I woke up not really able to sleep and was looking around on the internet for something to do. I just so happened to stumble across a little 2D Flash game which was in a way DOOM! Being a oldschool DOOM fan I thought the best thing to do would be to [...]]]></description>
			<content:encoded><![CDATA[<p>So this morning I woke up not really able to sleep and was looking around on the internet for something to do. I just so happened to stumble across a little 2D Flash game which was, in a way, DOOM! Being an old-school DOOM fan, I thought the best thing to do would be to test it out and see what it&#8217;s made of and whether it is worthy of having the DOOM name attached to it.</p>
<p>I was pretty impressed that it was able to load up the entire game in about 15 seconds and was able to start playing. It even let me pick my difficulty and had a large portion of the music from the game (everything from the sounds to the level music playing).</p>
<p>The game itself looked and felt a lot better than I was expecting when I entered the first level. While I was only able to go left or right (and jump, of course), the details and the models of the guns, bad guys, and myself were so crisp it felt like they had been taken right out of the original game and stuck into what I was playing.</p>
<p>I would also like to mention that while the little levels didn&#8217;t look similar to the original game (I don&#8217;t really see how they could be in 2D)&#8230; I was very pleased at how your objective was almost exactly the same. You simply need to get to the exit button, killing anything that gets in your way and, if you are lucky, stumbling across a secret or two in the process.</p>
<p>Even though this post won&#8217;t be as long as they usually are, being a big DOOM fan I just couldn&#8217;t resist taking some time out of my morning to talk about this nifty little game I just so happened to find. I am sure some of you are wondering where you can try this out as well, so fear not&#8230; I do have the link for you to go play it! If you wanna try it out for yourself, just make sure you have the latest version of Adobe Flash installed and <a href="http://www.silvergames.com/game/flash-doom-2d/" target="_blank">CLICK HERE</a> to go enjoy this little game.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.andrewsayshello.com/gaming/doom-is-back-as-a-2d-jump-n-run-flash-game/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Court Orders Spammers To Give Up $3.7 Million!</title>
		<link>http://www.andrewsayshello.com/technology/court-orders-spammers-to-give-up-3-7-million/</link>
		<comments>http://www.andrewsayshello.com/technology/court-orders-spammers-to-give-up-3-7-million/#comments</comments>
		<pubDate>Fri, 03 Jul 2009 12:23:47 +0000</pubDate>
		<dc:creator>Andrew</dc:creator>
				<category><![CDATA[Featured]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Technology]]></category>
		<category><![CDATA[court]]></category>
		<category><![CDATA[email]]></category>
		<category><![CDATA[internet]]></category>
		<category><![CDATA[scam]]></category>
		<category><![CDATA[spam]]></category>
		<category><![CDATA[website]]></category>

		<guid isPermaLink="false">http://www.andrewsayshello.com/?p=595</guid>
		<description><![CDATA[A U.S. district court has ordered key players in an international spam ring to give up $3.7 million they made by sending out illegal email messages pitching bogus Hoodia weight-loss products and a &#8220;human growth hormone&#8221; pill they claimed reversed the aging process. In a Federal Trade Commission (FTC) law enforcement action, the court found [...]]]></description>
			<content:encoded><![CDATA[<p>A U.S. district court has ordered key players in an international spam ring to give up $3.7 million they made by sending out illegal email messages pitching bogus Hoodia weight-loss products and a &#8220;human growth hormone&#8221; pill they claimed reversed the aging process.</p>
<p>In a Federal Trade Commission (FTC) law enforcement action, the court found that the five defendants, located in Canada and St. Kitts, violated the FTC Act and CAN-SPAM Act by participating in the spam operation. The court order bars the defendants from violating the CAN-SPAM Act and from making false or unsubstantiated claims about the health benefits of any food, drug, or dietary supplement.</p>
<p>The FTC charged that the operation used spammers to drive traffic to Web sites selling an extract of the Hoodia gordonii plant that it claimed would cause significant weight loss, and a &#8220;natural human growth hormone enhancer&#8221; that it claimed would reverse the aging process. The FTC alleged that these claims were false or unsubstantiated, and charged the defendants with deceptive advertising in violation of federal law. It also alleged that the spammers sent e-mail that contained false &#8220;from&#8221; addresses and deceptive subject lines, and that they failed to provide a required opt-out link or physical postal address.</p>
<p>The case, filed by the FTC in October 2007, marked the first time the agency invoked the US SAFE WEB Act, a federal law designed to protect consumers from cross-border fraud and deception. The legislation enhances the agency&#8217;s ability to exchange information with foreign counterparts and helps protect consumers from cross-border spam and spyware distribution, as well as Internet fraud and deception. The FTC&#8217;s complaint charged eight defendants &#8212; Spear Systems (a U.S. company), three other corporate defendants, and four individuals.</p>
<p>The FTC settled with three defendants in the case &#8212; Spear Systems and two individuals, one in the United States and one in Australia &#8212; in May 2008. The agency was unable to reach settlements with the remaining five defendants, who are the subject of the court order announced today: Xavier Ratelle and Abaragidan Gnanendran, of Quebec, Canada; and corporate defendants 9151-1154 Quebec, Inc., 9064-9252 Quebec, Inc., and HBE, Inc. The final orders were entered by the United States District Court for the Northern District of Illinois, Eastern Division.</p>
<p>Although this seems to be a win for the good guys, the bad news is that something like this doesn&#8217;t even make a small dent in the problem of spam that floods our inboxes from day to day. We can only hope for more and more of these types of cases to come up, because over time people might actually start to shy away from these methods if the penalties are high enough.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.andrewsayshello.com/technology/court-orders-spammers-to-give-up-3-7-million/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>10 Easy Ways to Boost Your Online Security!</title>
		<link>http://www.andrewsayshello.com/technology/10-easy-ways-to-boost-your-online-security/</link>
		<comments>http://www.andrewsayshello.com/technology/10-easy-ways-to-boost-your-online-security/#comments</comments>
		<pubDate>Mon, 29 Jun 2009 14:30:26 +0000</pubDate>
		<dc:creator>Andrew</dc:creator>
				<category><![CDATA[Featured]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Technology]]></category>
		<category><![CDATA[antivirus]]></category>
		<category><![CDATA[botnet]]></category>
		<category><![CDATA[firefox]]></category>
		<category><![CDATA[internet]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[torjan]]></category>
		<category><![CDATA[virus]]></category>
		<category><![CDATA[worm]]></category>

		<guid isPermaLink="false">http://www.andrewsayshello.com/?p=588</guid>
		<description><![CDATA[Just about everyone these days knows that the internet can be a pretty dangerous place to browse if you are not careful. With all the trojans, viruses, infected websites, scams, it seems that it is near impossible to keep yourself completely safe unless you just keep your computer unplugged from the internet. With all these [...]]]></description>
			<content:encoded><![CDATA[<p>Just about everyone these days knows that the internet can be a pretty dangerous place to browse if you are not careful. With all the trojans, viruses, infected websites and scams, it seems near impossible to keep yourself completely safe unless you just keep your computer unplugged from the internet. And all these threats don&#8217;t even include the bad things that can come through email or instant messaging programs!</p>
<p>What makes it worse is that the people out there making all the bad and dangerous stuff on the internet do it for a couple of different reasons. A few of them are to steal your personal information (such as bank information, credit card numbers or usernames and passwords), to try and scam you with bogus software, or just to mess up your computer for the fun of it because they can. I like to call these people &#8220;the bad guys&#8221;.</p>
<p>While there are a ton of people out there making these bad programs and websites, there are also a big number of people who are on the other side writing software and various tools to help protect your computers as well as clean them if they have gotten infected.</p>
<p>Most users don&#8217;t realize that just having an antivirus program is not usually enough to keep you safe from all the bad things that are out there trying to get into your system. I found a great article that talks about 10 pretty simple ways to increase your online security so you don&#8217;t have to worry when browsing the web or checking your email. So let&#8217;s get on to the list!</p>
<blockquote><p>1. Augment your anti-virus tool<br />
2. Switch to plain text mail<br />
3. Don&#8217;t click mail links<br />
4. Vet your email<br />
5. Switch web browser<br />
6. Check web sites before you visit<br />
7. Manage your passwords<br />
8. Screen all downloads<br />
9. P2P basics<br />
10. Create a virtual sandbox</p></blockquote>
<p>These 10 things are a great start to help keep your PC safe from a majority of the threats that are out there lurking in the shadows of the internet. While they aren&#8217;t foolproof, they can help the average user avoid most of the stuff that can harm their computers altogether.</p>
<p>For a description of each of these 10 ways to further protect yourself, head over to this <a href="http://www.techradar.com/news/internet/10-easy-ways-to-boost-your-online-security-591191" target="_blank">article</a> on techradar.com to read up on each of these steps.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.andrewsayshello.com/technology/10-easy-ways-to-boost-your-online-security/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Google Cash Club Steals Info With Phishing Attack!</title>
		<link>http://www.andrewsayshello.com/technology/google-cash-club-steals-info-with-phishing-attack/</link>
		<comments>http://www.andrewsayshello.com/technology/google-cash-club-steals-info-with-phishing-attack/#comments</comments>
		<pubDate>Fri, 26 Jun 2009 23:54:29 +0000</pubDate>
		<dc:creator>Andrew</dc:creator>
				<category><![CDATA[Featured]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Technology]]></category>
		<category><![CDATA[attack]]></category>
		<category><![CDATA[cash]]></category>
		<category><![CDATA[club]]></category>
		<category><![CDATA[google]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[phishing]]></category>
		<category><![CDATA[spam]]></category>
		<category><![CDATA[worm]]></category>

		<guid isPermaLink="false">http://www.andrewsayshello.com/?p=579</guid>
		<description><![CDATA[I recently came across a form of online fraud that takes the guise of a legitimate-looking news website. At first glance, the content of the purported news page appears real but after conducting further analysis, one will realize that the news page is actually a spammy site. What’s supposed to be a news article is [...]]]></description>
			<content:encoded><![CDATA[<p>I recently came across a form of online fraud that takes the guise of a legitimate-looking news website. At first glance, the content of the purported news page appears real, but after conducting further analysis one will realize that the news page is actually a spammy site.</p>
<p style="text-align: center;"><img title="googlecash1" src="http://blog.trendmicro.com/wp-content/uploads/2009/06/googlecash1.jpg" alt="Screenshot of the fake Google Cash Club news page" width="329" height="241" /></p>
<p>What’s supposed to be a news article is actually a writeup that explains how Google can supposedly provide online users the opportunity to earn easy money. To make it more convincing, the page also claims to have several positive responses from anonymous online users. Clicking any of the links on the spam website shown above leads to a phishing page.</p>
<p>The page contains a spoofed countdown timer that is meant to make the user panic and quickly fill out the form. Clicking the <em>See If I Qualify</em> button then directs the user to another page containing an affirmation of the user’s qualifications, which then requires him/her to fill out another form with his/her credit card information.</p>
<p>Related phishing schemes have also been found using the same technique but with different keywords other than <em>Google Cash Club</em>. Below are some of the keywords used:</p>
<ul>
<li>Make Money with Google</li>
<li>Google Money Monster</li>
<li>Google Home Income</li>
<li>Easy Google Profit</li>
<li>Google’s Business Kit</li>
</ul>
<p>Inquiries about the legitimacy of the service have been posted on <a style="text-decoration: none; color: #858585;" href="http://www.google.com/support/forum/p/Web+Search/thread?tid=7baf1bd3d1afa5e8&amp;hl=en">Google’s support forum</a>, and I agree with what most of the users have posted: <strong>Google Cash Club is a scam</strong>, along with the other similar schemes floating around the internet in different forms of ads.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.andrewsayshello.com/technology/google-cash-club-steals-info-with-phishing-attack/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Nineball Website Injection Attack Out In the Wild!</title>
		<link>http://www.andrewsayshello.com/technology/nineball-website-injection-attack-out-in-the-wild/</link>
		<comments>http://www.andrewsayshello.com/technology/nineball-website-injection-attack-out-in-the-wild/#comments</comments>
		<pubDate>Thu, 18 Jun 2009 20:06:03 +0000</pubDate>
		<dc:creator>Andrew</dc:creator>
				<category><![CDATA[Featured]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Technology]]></category>
		<category><![CDATA[beladen]]></category>
		<category><![CDATA[gumblar]]></category>
		<category><![CDATA[hack]]></category>
		<category><![CDATA[injection]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[nineball]]></category>
		<category><![CDATA[rootkit]]></category>
		<category><![CDATA[trojan]]></category>
		<category><![CDATA[virus]]></category>
		<category><![CDATA[website]]></category>
		<category><![CDATA[worm]]></category>

		<guid isPermaLink="false">http://www.andrewsayshello.com/?p=574</guid>
		<description><![CDATA[A new injection attack that redirects users&#8217; Web search queries is in the wild, and researchers at Websense believe it may have already affected more than 40,000 sites. In a blog posted yesterday, Websense researchers indicated that more than 40,000 legitimate sites have been compromised with &#8220;obfuscated code that leads to a multilevel redirection attack, ending in [...]]]></description>
			<content:encoded><![CDATA[<p>A new injection attack that redirects users&#8217; Web search queries is in the wild, and researchers at Websense believe it may have already affected more than 40,000 sites. In a <a style="color: #000066; text-decoration: underline; font-weight: normal;" href="http://securitylabs.websense.com/content/Alerts/3421.aspx" target="new">blog</a> posted yesterday, Websense researchers indicated that more than 40,000 legitimate sites have been compromised with &#8220;obfuscated code that leads to a multilevel redirection attack, ending in a series of drive-by exploits which, if successful, install a Trojan downloader on the user&#8217;s machine.&#8221;</p>
<p>When users visit one of the infected sites, they are redirected through a series of different sites owned by the attacker and brought to the final landing page containing the exploit code, the researchers say. The final landing page records the visitor&#8217;s IP address. When the site is visited for the first time, the user is directed to the exploit payload site; but if the user returns from the same IP address, he is simply directed to the benign site Ask.com, the researchers report. This one-time download strategy makes the redirects less obvious and harder to detect, they say, since a second visit from the same address (for example by an analyst reproducing the report) sees only the harmless redirect.</p>
<p>According to a spokesman, the labs first detected what appeared to be benign redirects embedded in compromised Web sites that sent users to Ask.com. &#8220;At that time, it seemed likely that hackers were looking to compromise as many sites as possible, getting their foot in the door before activating the campaign with a redirect to a malicious payload site,&#8221; he says. The attackers used polymorphic code to avoid detection in these early stages. Now the researchers understand that the malicious campaign actually began simultaneously with the Ask redirect, and the malicious payload site ninetoraq has been infecting users with malware.</p>
<p>Once the user&#8217;s computer has been redirected from a compromised site to ninetoraq, the site attempts multiple exploits through obfuscated code targeting vulnerabilities in MDAC, AOL SuperBuddy, Acrobat Reader, and QuickTime, the spokesman says. If it finds an open hole, it drops a malicious PDF file or a Trojan that is designed to steal the user&#8217;s information.</p>
<p>Most antivirus applications will not detect either one of these pieces of malicious code, Websense says. One of the exploits is detected by only three of the 41 most commonly used AV programs.</p>
<blockquote><p>&#8220;The obfuscation code injected into these legitimate Web sites is somewhat random, but the deobfuscation algorithm is consistent amongst all the infections,&#8221; the researchers say. &#8220;The algorithm uses the JavaScript method &#8216;String.fromCharCode&#8217; to convert a chunk of decimal values to a string. The string obtained after deobfuscation is an iFrame that eventually leads to an exploit site.&#8221;</p></blockquote>
<p>The Websense researchers say the new attack is distinct from Gumblar and Beladen, two other injection attacks that have been redirecting users&#8217; search queries in the past month. It is possible that the same hackers might be developing the different attacks, they say. So be careful when you are out there on the web, because it seems the bad guys just keep thinking up new and more dangerous stuff every day!</p>
]]></content:encoded>
			<wfw:commentRss>http://www.andrewsayshello.com/technology/nineball-website-injection-attack-out-in-the-wild/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>